Forescout Platform Reviews

This product provided a really good effect in terms of network access control. With the ForeScout NAC, distinguishing guests and corporate staff was easier.

This was very easy to achieve since the product integrates really well with Active Directory and the NMAP feature discovers all endpoints within the network.

With the use of the NAC solution from ForeScout, the company was able to defend against unauthorized access to the network, thereby thoroughly distinguishing who is a Corporate user and who is a Guest. Process for Guest Registration (if implemented properly) was also easy.

Detection and control of Dual-Homed devices needs to be improved, as the product sometimes gives false positives. Also, more custom policies should be made available.

I used this solution for 14 months.

There were issues of false positives whenever a new hotfix was installed even with the GA release. There was actually an issue where an upgrade to a new version of the hotfix plugin increased the CPU optimization and network bandwidth usage.

ForeScout is scalable since a management device is available to manage other CT boxes.

Technical support from ForeScout is pretty good, with escalations made promptly when needed.

No previous solution.

The initial setup was straightforward, as the steps were simple to understand. It only got complex when creating policies that are not simple.

I worked for a vendor team, and for any client ready to implement this product, I would recommend that the necessary requirements for deployment should be done before the team arrives to start implementation. This makes deployment less stressful.

No other options were evaluated.

If you are looking for a NAC solution which works without the use of agents, I would say ForeScout is the one to go for.

The use case is for a compliance check for the users who get into your organization. We identify the host for Windows PC, Mac, Linux, and servers. These are some of the use cases for user control and policy management. Some of the other use cases are to kill some applications and peer-to-peer applications. It's mainly for visibility and control, and we also integrate with various firewalls and other system security solutions. For example, LogRhythm, Splunk, Qreader, McAfee Orchestrator, and Trend Micro.

I work on multiple technologies and security technology. The solution is deployed on-premise. We don't use it for our own company. We are the system integrators and we deploy for various customers across the region we work with and we deploy most of the verticals.

This is far better than any other Mac solution. Within three or four days, we have complete visibility of your infrastructure on the network. Compared to other solutions, the deployment of the solution is easier and we can close the project quickly.

When we automate an email to send to a user, sometimes it gets blocked, but that has nothing to do with Forescout. It depends on the mail gateway that we use or integrate with.

They already support some 63,000 plus vendor models. They are also upgrading it, and they have two million plus devices in a single deployment. Maybe there are some legacy tools with support. I know they're working very hard on the OT infrastructure and OT side of integration, but I'm not into OT side.

I have been using this solution for three years.

I don't see any issue with stability. I'm not hearing from any customers who are reporting any issues about stability. They are mostly looking for compliance and operation security.

The solution is absolutely scalable.

Technical support is good. I don't see any issues. The type of support you get depends on the contract that you sign. They're timely and the support is good.

The amount of time it takes for deployment depends on how many branches you have, whether it's a central deployment or a hybrid. It depends on how you want to use the solution. It varies but if it is only central deployment for a couple of branches, we can do it in a minimum of one month.

The number of people it takes for deployment just depends. One engineer can do it, but you also need support from the customer. You should have very good system administrators, or some network engineers to support you in terms of various authentication integrations. There should be a minimum of one from the deployment side, two from the customer side.

I would rate this solution 7 out of 10. I'm not sure about the OT side, but the visibility, control, orchestration, dashboard, and reporting are all good.

My advice is that you really need to understand the prerequisites of the use cases if you want to deploy the solution. You should also understand what kind of services they should open and the security rules—a firewall. They should have a clear understanding of how it is being designed and the architecture. If you know, it's easy for deployment, otherwise you will get stuck.

Our primary use case is for device compliance and access control.

Its feature that I have found most valuable is that it is very granular. You can configure granular controls just as you want those policies to be implemented. It gives you that flexibility to go granular in how you want your controls to be implemented. That's something I like about it. 

The pricing, technical support, stability, scalability, initial set up, interface, dashboards, management, and monitoring are fantastic. They are excellent. 

The licensing of the solution is pretty simple. The process of deploying the solution is pretty straightforward. The dashboard, in terms of monitoring and management, is pretty simple. Maybe because I have a very robust technological background is why I don't struggle with these things. In terms of management, deployment, and support, although I really don't require their support, so far, so good.

Truth be told, I'm good with it. I'm yet to have something with the solution that I don't feel comfortable with. It's fine. I've not seen a cause or a reason why I should want something to be changed, but that doesn't take out the fact that there's always room for improvement. What I would love to see is a situation where my Forescout can integrate with different security technologies. Where it can share contextual information bidirectionally. I had written to Forescout about this and they told me they have that functionality already. So I think that settles it. They can share device context with the security technology and that technology can also be shared with Forescout. To build a form of connective strategy towards security. They have a dedicated module for the security technology I'm concerned about.

But with that software, I should be able to integrate my Forescout with any other third party security technology, to build that connected security strategy I talked about. So far, it's good. It meets my requirements that I had concern about.

I have been using Forescout Platform for one year.

In terms of scalability, my deployment architecture is central, so it scales with respect to the number of devices I have to add to my network. The licensing is based on the number of devices you have currently with regards to the future growth in the number of connected devices to your IT network or to your IT infrastructure. That gives you room to scale. So if I know that in the next two years, I would have an additional 50 or 100 users connecting to my network, either directly or remotely, I go for an appliance that accommodates that growth. Which is what I currently have.

So there's room to scale. Then the licensing is based on the number of devices you have currently. So if I have more devices come to my network, I can just acquire more licenses to take care of them. So I think that's fine.

I've been very conversant with the technology for areas where I've experienced some challenges and I had to fix it up myself, but it's straightforward.

In terms of support, I've had to reach out to technical support. He was readily available and we made progress. So support is also good. My experience so far has been good. That's why I told you earlier that it's difficult for me to really point to somewhere where I could make an improvement.

On a scale of one to ten I would give Forescout Platform a nine.

To find out what devices are in the network for our clients. We manage client's networks, so we have it on the client's network and they use it so they can make sure they know who's on the network and if it's secure.

We really like that we get full visibility of devices in the local network.

It could be better, they could work on the wide-area network and easier because it's a bit clumsy at the moment when we go on to a remote site. It works well in the head office but we've had challenges trying to install it across other sites. So pricing and support for branch offices. The interface is okay for the local office, but it's hard to get visibility from remote branches.

We have been using the Forescout Device and Visibility Control Platform for about two years.

The Forescout Platform is very stable.

It's scalable, but not without a big investment. It doesn't do so well at the branch. At the home office, it does okay and not so well at the branch.

We have used technical support, it's been fine.

The initial setup of Forescout Device and Visibility Control Platform is fairly complex.

The Forescout Device and Visibility Control Platform is quite expensive. I would recommend it depending on the environment, but I would tell them to look at things that depend on their environment. There is other software as well.

I would rate the Forescout Device and Visibility Control Platform at a six out of ten.

The visibility is the main benefit. We now know how many devices are connected, what the use for each device is and what kind of devices we have in our environment.

I can create granular policies. This is amazing. I really appreciate the granularity to create policies.

They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment.

The interface of this solution and the integration part needs improvement. The difference between the 7th and the 8th version is the dashboard. They should improve it. 

We never had a problem with this product. It has worked very well.

It's very simple to scale and to implement more devices and licenses. It's easy to grow.

We haven't had to use their technical support. 

We switched because ForeScout is the best tool for Mac. 

The initial setup was very easy, very simple to deploy. We didn't have problems or difficulties with the implementation.

We also looked at Fortinet. 

I would rate this solution an eight out of ten because it's the best solution. 

I would advise someone considering this or a similar solution to make sure that the solution works with a lot of vendors. Choose a product that doesn't change your environment.

Primarily used to define which host to admit onto the network, by tying a policy to the MAC address.

Identifying issues on why some hosts are not on the network, and assisting with possible remediation options.

• SNMP Traps on switches
• Getting the MAC address of the host from the ARP table of the switch and applying policy.

• Battled with the use of SNMP v1 instead of v2c
• Direct web interface rather than installation of a client.

The main feature, the NAC engine, is very flexible since ForeScout CounterACT doesn’t need the use of 802.1x and can work with almost all switch vendors.

Since my company is a systems integrator, we have ForeScout CounterACT in our lab just to test or troubleshoot customer configurations.

There isn’t a specific area to improve. It’s a good product from my point of view. Maybe the licensing and cost can be improved.

No issues with deployment.

Haven't had issues with stability.

Haven't had to scale it.

Maybe test the configuration very well before enabling actions (like VLAN moving, Captive Portal), because they can cause many problems in production environments if there are configuration mistakes.

The most valuable feature for us is the visibility into all connected devices. Also, the plugins are very robust -- the ability scanner, patch management system, and SQL integrator.

You can query a lot of information from the connected device, including their compliance statuses.

We've had no issues with deployment.

It's a stable solution.

There have been no issues with scaling it.

The initial setup was complex, but that was due to the nature of the network architecture.

We didn't look for other solutions.

Have a clear understanding and document the network architecture before you deploy it.